From a879a7d3f47557d4fc446d2aff6cb5b1ef07bb4d Mon Sep 17 00:00:00 2001
From: Jozef Mlich
Date: Mon, 1 Jun 2015 08:08:35 +0200
Subject: [PATCH] out of bounds read access in is_utf8_well_formed() Resolves: #1201310 CVE-2014-9488
---
 less-471-out_of_bounds_read.patch | 11 +++++++++++
 less.spec | 9 ++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 less-471-out_of_bounds_read.patch
diff --git a/less-471-out_of_bounds_read.patch b/less-471-out_of_bounds_read.patch
new file mode 100644
index 0000000..baaca73
--- /dev/null
+++ b/less-471-out_of_bounds_read.patch
@@ -0,0 +1,11 @@
+--- less-474/line.c 2015-01-31 00:20:29.000000000 +0100
++++ less-475/line.c 2015-03-05 20:07:08.000000000 +0100
+@@ -807,7 +807,7 @@
+ mbc_buf[mbc_buf_index++] = c;
+ if (mbc_buf_index < mbc_buf_len)
+ return (0);
+- if (is_utf8_well_formed(mbc_buf))
++ if (is_utf8_well_formed(mbc_buf, mbc_buf_index))
+ r = do_append(get_wchar(mbc_buf), mbc_buf, mbc_pos);
+ else
+ /* Complete, but not shortest form, sequence. */
diff --git a/less.spec b/less.spec
index 6470dee..412908a 100644
--- a/less.spec
+++ b/less.spec
@@ -1,7 +1,7 @@
 Summary: A text file browser similar to more, but better
 Name: less
 Version: 471
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: GPLv3+
 Group: Applications/Text
 Source: http://www.greenwoodsoftware.com/less/%{name}-%{version}.tar.gz
@@ -18,6 +18,7 @@ Patch8: less-458-lessecho-usage.patch
 Patch9: less-458-less-filters-man.patch
 Patch10: less-458-lesskey-usage.patch
 Patch11: less-458-old-bot-in-help.patch
+Patch12: less-471-out_of_bounds_read.patch
 URL: http://www.greenwoodsoftware.com/less/
 Requires: groff-base
 BuildRequires: ncurses-devel
@@ -45,6 +46,7 @@ files, and you'll use it frequently.
 %patch9 -p1 -b .less-filters-man
 %patch10 -p1 -b .lesskey-usage
 %patch11 -p1 -b .old-bot
+%patch12 -p1 -b .out_of_bounds_read.patch
 autoreconf
 chmod -R a+w *
 
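Review bot: The embedded patch changes only the call site in line.c, so whether the out-of-bounds read is actually closed depends on a callee change that this 11-line patch file does not carry. The new call `is_utf8_well_formed(mbc_buf, mbc_buf_index)` passes the buffered byte count, but the definition and declaration of is_utf8_well_formed() are not touched here; if the 471 sources still define it with one parameter, the extra argument is presumably ignored (or the build fails where a prototype is in scope) and the read past the buffer remains. The patch should also carry the definition change that bounds the decoded sequence length against the new argument, for example a guard of the form `if (len > slen) return (0);` once the length is known. The patch headers name less-474/less-475 while the spec builds Version 471, so it is worth confirming the hunk applies to the packaged tree without fuzz. The enclosing function in line.c starts and ends outside the hunk.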
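Review bot: The backup suffix on the new `%patch12` line, `-b .out_of_bounds_read.patch`, ends in `.patch`, unlike the neighbouring entries (`.old-bot`, `.lesskey-usage`), so the saved originals will look like patch files in the build tree. `%patch12 -p1 -b .out_of_bounds_read` would match the existing convention.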
@@ -75,6 +77,11 @@ ls -la $RPM_BUILD_ROOT/etc/profile.d rm -rf $RPM_BUILD_ROOT %changelog +* Mon Jun 01 2015 Jozef Mlich - 471-3 +- out of bounds read access in is_utf8_well_formed() + Resolves: #1201310 + CVE-2014-9488 + * Sat Feb 21 2015 Till Maas - 471-2 - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code